Lucene search

K
jvnJapan Vulnerability NotesJVN:25323093
HistoryNov 13, 2015 - 12:00 a.m.

JVN#25323093: pWebManager vulnerable to OS command injection

2015-11-1300:00:00
Japan Vulnerability Notes
jvn.jp
9

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

67.3%

pWebManager provided by PC-EGG Co.,Ltd. contains an OS command injection vulnerability (CWE-78).

Impact

An arbitrary OS command may be executed on the server by a user logged in with editor permissions.

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Products Affected

  • pWebManager 3.3.9a and earlier
  • pWebManager (UTF-8) 3.3.9a and earlier
  • pWebManager (for PHP4) 2.2.2 and earlier

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

67.3%

Related for JVN:25323093